Recently, the Ecuadorian bank Banco Del Austro of Cuenca became a victim (the first victim) of network theft, losing 12 million dollars to attackers through a loophole in the SWIFT system.

The vulnerable SWIFT system and frequent bank robberies

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is an international cooperative organization of the international banking industry. It was founded in 1973 and is used by most banks in most countries of the world.

This February, hackers successfully stole 81 million dollars from the Central Bank of Bangladesh. Several days ago, SWIFT announced a second case of network theft from a bank. This type of crime has already become part of the global pattern of network attacks. Recently, attackers again stole 12 million dollars from an Ecuadorian bank through the SWIFT system.

It is obvious that network attacks targeting financial businesses and the banking industry are becoming more frequent. Criminals mainly aim at SWIFT, the dominant component of the banking business's infrastructure: a global information system used by banks worldwide, with over a billion dollars in transmissions.

The third bank robbery case, the one discussed here, is that of Ecuador's Banco Del Austro (BDA), which lost 12 million dollars to attackers who took advantage of the SWIFT system.

This case took place in January 2015. It was not exposed until a court document from the Ecuadorian bank's lawsuit against Wells Fargo was leaked. In all cases, attackers used malicious software to intrude into the bank's network and gain access to the SWIFT information network. In the case of one of the victim banks, attackers sent a forged message to the bank asking it to transfer a million dollars through SWIFT.

Malicious software emerged

Researchers at BAE said that they found malware called evtdiag.exe in the SWIFT system of the Central Bank of Bangladesh. The malware contains code that can control Alliance Access, the SWIFT client software.

Hackers logged in to the SWIFT system with a certificate. BAE experts found that the SWIFT software of Bangladesh Bank had been damaged and could be used by hackers to conduct illegal money transfers. An article on the BAE blog stated:

“This malware is customized for theft implementation and has shown knowledge beyond the ordinary level as well as superb coding technique of malware. It will get in the way of future security detection and response and give the attackers more time for the succedent money laundering.”

Experts think the tool the hackers used can be used to conduct similar attacks in the future.

In the case of the Ecuadorian bank attack, experts found that hackers robbed at least 12 million dollars in 12 banking transactions within 10 days, using the SWIFT certificate of bank staff. The money was transferred into accounts in Hong Kong, Dubai, New York and Los Angeles.

There are many loopholes assisting these bank robberies. For instance, the case was not exposed until BDA took legal action against Wells Fargo. Hackers were able to continue their attacks because of the lack of information sharing.

The official statement said that neither BDA nor Wells Fargo informed SWIFT about the robbery, and in the announcement SWIFT said:

“We are ignorant of this incident and we need our clients to inform us when frauds like this occur, especially frauds connected with our products and services, so that we can inform all members of the association. We have been keeping in touch with the related bank to get more information and remind it of the client obligation to share such information with us.”

As reported by Reuters, SWIFT has told clients to share related information about system attacks in order to prevent worse incidents.